ASA (Adaptive Security Appliance)

Default policy:

  1. Traffic flowing from a higher-level security interface to a lower one is permitted by default.
  2. Traffic flowing from a lower-level security interface to a higher one is denied by default.
  3. Traffic flowing from one interface to another with the same security level is denied by default.
  4. Traffic flowing into and then out of the same interface is denied by default.
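
The four default rules above can be checked against a real interface layout. The following is an added example, not part of the original post: it reads nameif and security-level lines from an ASA-style configuration and lists which interface pairs are open by default, before any access lists are applied. The interface names and levels in the sample are constructed for illustration.

```python
import re
from itertools import product

# Constructed sample config (interface names and levels are illustrative).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
interface GigabitEthernet0/3
 nameif partner
 security-level 50
"""

def parse_levels(config):
    """Return {nameif: security-level}; assumes nameif precedes security-level."""
    levels, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            name = None  # new stanza, forget the previous nameif
        elif m := re.fullmatch(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.fullmatch(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
    return levels

def default_action(levels, src, dst):
    """Apply the four default rules to a new flow from src to dst interface."""
    if src == dst:
        return "deny"      # rule 4: into and out of the same interface
    if levels[src] > levels[dst]:
        return "permit"    # rule 1: higher level to lower level
    return "deny"          # rules 2 and 3: lower to higher, or equal levels

def default_matrix(levels):
    """Map every (src, dst) interface pair to its default action."""
    return {(s, d): default_action(levels, s, d)
            for s, d in product(levels, repeat=2)}

if __name__ == "__main__":
    lv = parse_levels(SAMPLE_CONFIG)
    for (s, d), act in sorted(default_matrix(lv).items()):
        print(f"{s:>8} -> {d:<8} {act}")
```

In the sample, dmz and partner share level 50, so neither can reach the other by default even though both can reach outside.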

Modes in ASA:

  • User EXEC mode:
    By default, the initial access to an ASA places the user in user EXEC mode.
    ASA>
  • Privileged EXEC mode:
    The privileged EXEC level offers complete access to all firewall information, configuration editing, and debugging commands. The ASA prompts for a password before granting access to privileged EXEC mode.
    ASA#
  • Global configuration mode:
    You can issue firewall commands to configure any feature that is available in the operating system.
    ASA(config)#
  • Specific configuration mode:
    The ASA offers many specific configuration submodes.

Difference between PIX and ASA:

  • PIX (Private Internet eXchange):
    • Cisco PIX is a dedicated hardware firewall appliance.
    • All models of Cisco PIX are in the 500 series.
    • Cisco PIX runs the PIX operating system. The PIX OS is quite similar to Cisco IOS, but there are a few differences.
    • PIX has the PIX Device Manager (PDM) as its graphical interface. This GUI is a Java application downloaded through a web browser.
    • Cisco PIX does not support WebVPN.
    • Cisco PIX does not support Transparent Firewall, Security Context and Modular Policy.
    • Cisco PIX has 16 MB RAM.
  • ASA (Adaptive Security Appliance):
    • Cisco ASA is a firewall and anti-malware security appliance.
    • All models of Cisco ASA are in the 5500 series.
    • Cisco ASA runs ASA version 7.2 or higher.
    • Cisco ASA has ASDM as its graphical interface. This GUI is also Java based.
    • Cisco ASA supports WebVPN.
    • Cisco ASA supports Transparent Firewall, Security Context and Modular Policy.
    • Cisco ASA has 64 MB RAM.

ASA factory default config:

  • One interface is set aside as a protected “management” network, where a PC will be connected.
  • A DHCP server is enabled on the management network, to automatically provide an IP address for the PC.
  • An HTTPS server is enabled on the management network, to allow the PC to open secure web-based ASDM sessions with the ASA over TCP port 443.
  • In the initial configuration, the management interface is always configured to use IP address 192.168.1.1 and subnet mask 255.255.255.0. The DHCP server is configured to provide addresses from a range of 192.168.1.2 to 192.168.1.254.

    To reset the ASA configuration to the factory default condition, use the following command:
    ASA(config)# configure factory-default
